Answers to Common Problems

This sections introduces workaround instructions for some problem situations.

Troubleshooting GSSAPI Authentication

When connecting from a Windows 5.x or 6.x client to a Windows 4.x server using GSSAPI authentication, if authentication fails although GSSAPI has been correctly configured, you may have to disable the LMHOSTS lookup on the client-side computer. Follow these instructions:

Select Control Panel → Network Connections.

In Local Area Connection, right-click and select Properties.

In the Local Area Connection Properties dialog box, General tab, select Internet Protocol (TCP/IP) and click the Properties button.

In the Internet Protocol (TCP/IP) Properties dialog box, in the General tab, click the Advanced button.

In some cases on Windows XP clients, the window for the password or the public-key passphrase can lose focus. This means that the password window is shown active on the screen, but when you start typing your password, the asterisks do not appear in the box. If the actual focus happens to be in an other window, your password or passphase may appear there.

The password window loses focus most often when you have the Tectia Connection Broker status window open. So the first workaround is to make sure the status window is not open while you start logging in.

A permanent solution to the problem is to modify the Windows settings that control the behaviour of the applications. By default, Windows has on a setting that prevents applications from stealing the focus. As a workaround, you can allow applications to steal the focus. Note that the setting affects all Windows applications, not just the Tectia Connection Broker.

To be able to change the setting, you need to download the Microsoft Tweak UI utility program. Follow these instructions:

This indicates that the remote server's host key has not been saved on the client, or it has been saved under a different name. The hostname can occur in 3 different formats: FQDN, short hostname, or IP-address. The host key is always saved under the hostname used in the login.

The FTP-SFTP conversion requires that you have the host key saved under the same hostname as defined in the connection profile, because the FTP-SFTP uses the profiles when connecting to remote hosts.

To avoid unnecessary host-key-changed situations, use the profile name when connecting to a remote host. For example, use the following command syntax to log in from command line:

sshg3 <profilename>

Copyright 2012 Tectia Corporation This software is protected by international copyright laws. All rights reserved.Contact Information

What to read next:

Reduce Secure Shell risk. Get to know the NIST 7966.

The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government. Download now

ISACA Practitioner Guide for SSH

With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.Download now